How-to Guide [How To] Set up VM for malware testing (my method)

Discussion in 'Tutorials & Guides' started by MalwareT, Jan 5, 2015.

  1. MalwareT

    MalwareT Guest

    #1 MalwareT, Jan 5, 2015
    Last edited by a moderator: Jan 6, 2015
    Alright guys, so today I'm going to show you how to set up a VM for antivirus testing/malware testing or something else, so let's get started. Most of my friends and people asked me how I set up a machine for testing, so I'm going to tell in this thread. If there's a duplicate of this thread, staff members please delete this thread, and I hope it will be useful for someone.

    1) Virtualization software

    If you want to test malware or some security product in a VM, you will need virtualization software. If you want something free, simple and lightweight, I'd recommend you use Oracle VM VirtualBox.
    If you want to use virtualization software with a lot of features, like transforming your system into a virtual machine etc., then you can choose VMware Workstation.
    Even though VMware is paid, they offer the free VMware Player, but it doesn't allow you to make a snapshot of the virtual machine. What's a snapshot? A snapshot is an image file that contains the machine state at the time the snapshot was taken. Overall, VirtualBox is the best option for me, and a lot of folks here are using VirtualBox.

    2) Operating system

    If you want to test software you will need to have an .iso image of the Windows operating system. Windows XP, Vista, 7 or 8/8.1 - your choice, but I'm using Windows 7. If you're planning to use Windows 8.1, for best performance it is recommended to have 2GB for the guest. If you want to download an .iso image of the Windows operating system, you have download links below. Please note that those ISOs below are original and they're not preactivated or modified by any means.

    Windows XP SP3
    Windows Vista
    Windows 7
    Windows 8/8.1

    3) Setting up VM

    To create a virtual machine and also install an operating system in it, you can follow the steps in the videos below:

    Windows Vista/7 (same procedure)

    Windows 8/8.1

    Windows XP

    After you've installed the operating system, you can proceed to the next step.

    4) Installing drivers

    After you've installed the OS in the VM, you must now install drivers for best performance and to get widescreen resolution. To install drivers in VirtualBox, click on "Devices" and then "Insert Guest Additions disk image" like in the screenshot below:


    After that's done, restart your guest. In VMware it is a similar task (Tools > Install VMware Tools).


    Before you get started with anything make sure you activated Windows. I'm not going to tell you how to activate it because it's against rules of this forum.

    6) Disable Windows Defender

    Before you get started with installing software for video reviews, you must disable Windows Defender because it's pretty annoying during tests. To completely disable WD, go to Control Panel > Windows Defender, and first you have to update it before disabling. After you've updated WD, disable it in services and under administration remove the tick from "Use this software", and it will be disabled.


    7) Final touches

    After you've done all the steps, you need to install the following software and do these tweaks:

    1) Disable all animations to make Windows faster
    2) Upgrade IE8 to IE11
    3) Install the following software:
        1. Malwarebytes Antimalware
        2. Hitman Pro
        3. Emsisoft Emergency Kit
        4. Phrozen VirusTotal Uploader (optional)
        5. HaoZip (has batch rename)
        6. Microsoft .NET Framework 4.5.2
        7. CCleaner/Clean Master
        8. Mozilla Firefox (optional)
        9. Process Explorer/Hacker
        10. AdwCleaner
    4) Update all software before creating the snapshot
    5) Create a shared folder and set it to "Read-Only" to prevent malware escaping the VM
    6) Create a shortcut on the desktop for the shared folder
    7) Always disconnect the shared folder before testing if you didn't set it to read-only, just for your system's safety
    8) Pin HaoZip batch renamer, Hitman Pro, Malwarebytes, Process Explorer, Process Hacker, Calculator, AdwCleaner and Clean Master/CCleaner.

    8) Make snapshot of VM

    After you've done all the steps, click on Machine > Take Snapshot, name it and click "OK". In VMware Workstation you have a take snapshot button on the toolbar.
    Click the close button at the top of VirtualBox, click "Power Off" and put a checkmark to restore the snapshot.
    For VMware just click on the revert snapshot button.


    1) How to add a shared folder? Easy.
    • Make sure that you have Guest Additions installed, or VMware Tools if you have VMware;
    • Create a new folder wherever you like and name it, for example, "VBox Shared" or something :D ;
    • Open your VirtualBox manager and open settings like in the picture below:


    When you've clicked on settings, go to shared folders and do as in the picture(s) below:



    When you're done, make sure that you put a checkmark as in the picture above (to avoid malware escaping the VM) and disconnecting won't be necessary.

    How to open the shared folder on the guest?

    Easy. Open Computer and you may notice a "network location"; that's your shared folder presented as a network location. You can create a shortcut on the desktop to make it easier to access. To disconnect, just right-click and click disconnect. It should look like this:



    I hope that someone found this helpful. If you have any questions feel free to ask ;)
    Piholasimam, BearHug, AtlBo and 6 others like this.
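
A way to check the read-only shared folder and snapshot steps from the guide above, as an added example that is not part of the original post: it reads a VirtualBox `.vbox` settings file and reports writable shared folders and a missing snapshot. The sample XML is constructed, the element and attribute names (`SharedFolder`, `writable`, `currentSnapshot`) are assumed from the `.vbox` layout, and `audit_vbox` is a hypothetical name.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a VirtualBox machine definition (.vbox); not from the thread.
SAMPLE_VBOX = """
<VirtualBox xmlns="http://www.virtualbox.org/" version="1.15-windows">
  <Machine uuid="{11111111-1111-1111-1111-111111111111}" name="Win7-Test">
    <Hardware>
      <SharedFolders>
        <SharedFolder name="VBox Shared" hostPath="C:/VBox Shared"
                      writable="true" autoMount="true"/>
        <SharedFolder name="Samples" hostPath="C:/Samples"
                      writable="false" autoMount="true"/>
      </SharedFolders>
    </Hardware>
  </Machine>
</VirtualBox>
"""


def local(tag):
    """Strip the XML namespace so the check does not depend on it."""
    return tag.rsplit("}", 1)[-1]


def audit_vbox(xml_text):
    """Return a list of findings for a .vbox file given as text."""
    root = ET.fromstring(xml_text)
    machine = next((e for e in root.iter() if local(e.tag) == "Machine"), None)
    if machine is None:
        raise ValueError("no <Machine> element found")

    findings = []
    # Assumption: the Machine element carries currentSnapshot once a snapshot
    # exists. Without one there is no clean state to restore after a test.
    if not machine.get("currentSnapshot"):
        findings.append("no snapshot: take one before running samples")

    # Covers the current state and any hardware config stored in snapshots.
    for el in root.iter():
        if local(el.tag) != "SharedFolder":
            continue
        # Fail closed: a missing attribute is treated as writable.
        if el.get("writable", "true").lower() != "false":
            findings.append(
                f"shared folder '{el.get('name')}' is writable from the guest")
    return findings


if __name__ == "__main__":
    for line in audit_vbox(SAMPLE_VBOX) or ["ok: read-only shares, snapshot present"]:
        print(line)
```
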
  2. ahsanfreedom

    ahsanfreedom New Member

    Jan 2, 2015
    Whooa, this is what I'm looking for
    I'm going to test some malware that is shared in here, to look at how it affects the system, but I have doubts about the safety of my VM's config.
    I've asked one of the members here, but no response :(
    Thanks a lot, btw.
    AtlBo and (deleted member) like this.
  3. MalwareT

    MalwareT Guest

    I'm glad to help. Just disable your antivirus on host and set shared folder to read only and your system is safe ;)
    AtlBo and ahsanfreedom like this.
  4. MalwareT

    MalwareT Guest

    This should be sticky :D
    AtlBo and frogboy like this.
  5. MalwareT

    MalwareT Guest

    How to test antivirus:
    1. Always make sure that it is up to date;
    2. You should have at least 10 urls and make sure that they're working (test them) - source of urls here.
    3. Do not disable antivirus during extracting because it will make process faster (removal)
    4. Age of files shall be maximum 3 days old - source Virus Exchange.
    5. Always use task manager to show malicious file activity like Process Explorer/Hacker.
    AtlBo likes this.
  6. frogboy

    frogboy Level 61

    Jun 9, 2013
    Heavy Duty Mechanic.
    Western Australia
    Windows 10
    Thanks for a great how-to on this. So far I have always used Shadow Defender for testing; I might give this a go as your demo looks easy enough to follow. Cheers. :)
    AtlBo, Rishi and (deleted member) like this.
  7. MalwareT

    MalwareT Guest

    If you're planning to do malware removal videos just like I did, switch the theme to Windows Classic instead of Basic.
    AtlBo and frogboy like this.
  8. Spawn

    Spawn Administrator
    Staff Member Content Creator

    Jan 8, 2011
    Windows 10
    Could you explain the benefits of the programs listed, and why .NET Framework 4.5.2 in particular?

    Do you have a 'How-To' step-by-step guide for Sharing Folders, and how to disconnect before testing?
    AtlBo, jamescv7 and (deleted member) like this.
  9. MalwareT

    MalwareT Guest

    Malwarebytes, Hitman Pro and Emsisoft are for after executing samples, HaoZip for unpacking malware packs, Process Explorer/Hacker for monitoring each process, and VT uploader is for more research on some malware. For shared folders I will add tomorrow ;)
    AtlBo likes this.
  10. Malware1

    Malware1 New Member

    Sep 28, 2011
    This is the worst thing to do when doing malware testing.
    AtlBo and (deleted member) like this.
  11. MalwareT

    MalwareT Guest

    Why ?
    AtlBo likes this.
  12. Malware1

    Malware1 New Member

    Sep 28, 2011
    I thought that's obvious for everyone... you just make the VM easier to detect by malware
    AtlBo and (deleted member) like this.
  13. MalwareT

    MalwareT Guest

    Well, I do recommend installing Guest Additions/VMware Tools because of better performance and it being easier to work with.
    AtlBo likes this.
  14. MalwareT

    MalwareT Guest

    @Huracan Shared folders tutorial added.
    AtlBo likes this.
  15. jamescv7

    jamescv7 Level 61

    Mar 15, 2011
    Web and FileMaker Developer
    Windows 10
    Regarding in Framework, since malware are run under of dependency method in order of the code structures to work. So to avoid any problems it must be installed for such to view of infection rate may happen on such samples taken.
  16. konkisko

    konkisko Level 1

    May 13, 2017
    Windows 10
    Thank you!!
    Cats-4_Owners-2 likes this.
  17. IceLion36

    IceLion36 Level 1

    Aug 1, 2017
    In the Network Configuration what is better:
    NAT or Bridged with the local IP of the VM blocked on the host's firewall?
    There aren't other devices connected to the network
  18. boredog

    boredog Level 9

    Jul 5, 2016
    Windows 10
    #18 boredog, Oct 12, 2017
    Last edited: Oct 12, 2017
